Asana bug in new AI feature potentially exposed data to other users for weeks


A bug in one of Asana’s new AI features left some customers’ information accessible to other customers for several weeks. According to the company, the issue was not the result of a malicious hack but a logic flaw in its MCP server, which was released on May 1, as reported by cybersecurity firm UpGuard. MCP (Model Context Protocol) is an open-source framework that lets AI assistants interact with sites and apps; Asana’s MCP Server lets companies integrate AI features such as summarization and natural-language search.

Increased Cybersecurity Risk

The rise of generative AI tools and new standards for LLM interoperability raise new privacy issues and heighten cybersecurity risk. MCP servers are now a target for hackers, with potential risks including prompt injection attacks, token theft, and more data leaks. Asana discovered the bug on June 4; it allowed users of the MCP server to access information belonging to other accounts. Asana reported that around 1,000 accounts were affected out of the more than 130,000 companies using its platform, which include big names such as Uber, Spotify, and Airbnb.

Mitigating the Issue

Asana took the server offline on June 16 and notified customers using the MCP server about the bug. The company immediately worked to fix the vulnerability in its code and sent potentially affected customers a contact form so it could compile a full report of exposed data. While it is still unclear whether there was a major data breach, Asana advised companies to review their logs for MCP access and any information generated by their AI tools, and to report any suspicious data to Asana.
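The advice above, to review MCP access logs, comes down to one question: did any tool call reach data outside the caller’s own workspace? The script below is an added example, not Asana’s code and not its real log format. It assumes a constructed JSON-lines layout with hypothetical field names (`caller_workspace`, `resource_workspace`, `tool`, `principal`, `resource`) and shows both the tenant-isolation rule an MCP tool handler must enforce on every call and a review pass that flags every logged call that rule would have denied.

```python
"""Review MCP access logs for cross-workspace reads.

Added example, not Asana's code. The log layout below is constructed for
illustration; the field names are assumptions, not Asana's export format.
"""
import json
from dataclasses import dataclass

# Constructed sample: one JSON object per MCP tool call, plus one corrupt line
# so the parser's handling of unparseable input is exercised.
SAMPLE_LOG = """\
{"ts":"2025-06-03T10:01:00Z","principal":"u_101","caller_workspace":"ws_acme","tool":"search_tasks","resource_workspace":"ws_acme","resource":"task/55"}
{"ts":"2025-06-03T10:02:14Z","principal":"u_101","caller_workspace":"ws_acme","tool":"summarize_project","resource_workspace":"ws_globex","resource":"project/9"}
{"ts":"2025-06-03T10:05:30Z","principal":"u_207","caller_workspace":"ws_globex","tool":"search_tasks","resource_workspace":"ws_globex","resource":"task/12"}
not-json garbage line
{"ts":"2025-06-03T10:07:02Z","principal":"u_101","caller_workspace":"ws_acme","tool":"summarize_project","resource_workspace":"ws_globex","resource":"project/11"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    principal: str
    caller_workspace: str
    resource_workspace: str
    tool: str
    resource: str


def is_authorized(caller_workspace: str, resource_workspace: str) -> bool:
    """Tenant-isolation rule an MCP tool handler must apply on every call:
    the resource's workspace must be the caller's own. A logic flaw of the
    kind described in the article is typically this check being missing,
    or being evaluated against the wrong identity (e.g. a server-side
    service identity instead of the end user)."""
    return caller_workspace == resource_workspace


def parse_log(text: str) -> tuple[list[dict], int]:
    """Parse JSON-lines; returns (events, count of unparseable lines).
    Corrupt lines are counted rather than silently dropped so the reviewer
    knows the record is incomplete."""
    events, bad = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1
    return events, bad


def find_cross_workspace_access(text: str) -> list[Finding]:
    """Flag every logged tool call whose resource lies outside the caller's
    workspace, i.e. every call the isolation rule would have denied."""
    events, _ = parse_log(text)
    findings = []
    for e in events:
        if not is_authorized(e["caller_workspace"], e["resource_workspace"]):
            findings.append(Finding(e["ts"], e["principal"], e["caller_workspace"],
                                    e["resource_workspace"], e["tool"], e["resource"]))
    return findings


def summarize(findings: list[Finding]) -> dict[tuple[str, str], int]:
    """Count findings per (caller_workspace, resource_workspace) pair so the
    reviewer can see which tenants' data was reached, and how often."""
    counts: dict[tuple[str, str], int] = {}
    for f in findings:
        key = (f.caller_workspace, f.resource_workspace)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_cross_workspace_access(SAMPLE_LOG)
    for f in hits:
        print(f"{f.ts} {f.principal}@{f.caller_workspace} used {f.tool} "
              f"on {f.resource_workspace}/{f.resource}")
    print(summarize(hits))
```

On the constructed sample this flags the two `summarize_project` calls from `ws_acme` that reached `ws_globex` projects and reports one unparseable line. The same comparison that `is_authorized` performs is the check the server should have made before returning data; running it over the log afterwards is how a customer turns "review your MCP access logs" into a concrete list of affected resources.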


Update: As of June 17, Asana confirmed in a status update that the affected server was back online.